<?

require_once("mysql.php");
require_once("captcha.php");
require_once("seller.php");
require_once("deal.php");
require_once("reference.php");
require_once("location.php");
require_once("session.php");
require_once("utilities.php");

$input = array(); 

/*
 * Basic data
 */
$input['item']          = trim(strtolower(ESC(@$_POST['item'])));
$input['item_image']    = trim((ESC(@$_POST['item_image'])));
$input['value']         = trim(strtolower(ESC(@$_POST['value'])));
$input['seller']        = trim(strtolower(ESC(@$_POST['seller'])));
$input['seller_image']  = trim((ESC(@$_POST['seller_image'])));
$input['category']      = trim(strtolower(ESC(@$_POST['category'])));
$input['link']          = trim(strtolower(ESC(@$_POST['link'])));
$input['description']   = trim(strtolower(ESC(@$_POST['description'])));
$input['online_seller'] = trim(strtolower(ESC(@$_POST['online_seller'])));

/*
 * This reference data is optional
 */
$input['seller_name']     = trim(strtolower(ESC(@$_POST['seller_name'])));
$input['seller_location'] = trim(strtolower(ESC(@$_POST['seller_location'])));
$input['seller_id']       = trim((ESC(@$_POST['seller_id'])));
$input['seller_ref']      = trim((ESC(@$_POST['seller_ref'])));

/*
 * This data is mandatory for every post
 */
$input['location']  = trim(strtolower(ESC(@$_POST['location'])));
$input['latitude']  = trim(ESC(@$_POST['latitude']));
$input['longitude'] = trim(ESC(@$_POST['longitude']));


/*
 * Verify the input data
 */
function verify($i) {
 
    $errors = array();

    /*
     * Verify the item name
     */
    if (empty($i['item'])) { 
        array_push($errors, "<strong>Bought</strong> box is empty");
    } else if (strlen($i['item']) < 3) {
        array_push($errors, "<strong>Bought</strong> box value too short"); 
    } else if (strlen($i['item']) > 64) {
        array_push($errors, "<strong>Bought</strong> box value too long"); 
    }

    /*
     * No fuc*ing animated GIFs
     */
    if (strpos($i['item_image'], ".gif") >= 0) {
        if (animated_gif($i['item_image'])) {
            array_push($errors, "<strong>Animated images</strong> are not allowed"); 
        }
    }

    /*
     * Verify the price
     */
    if ($i['value'] == "0") {
    } else if (empty($i['value'])) {
        array_push($errors, "<strong>Price</strong> box is empty"); 
    } else if (!is_numeric($i['value'])) {
        array_push($errors, "<strong>Price</strong> value is not a number"); 
    } else if (intval($i['value'] > 1000000)) {
        array_push($errors, "<strong>Price</strong> is way too high =)"); 
    }

    $i['value'] = intval($i['value']);

    /*
     * Verify the seller name
     */
    if (empty($i['seller'])) {
        array_push($errors, "<strong>From</strong> box is empty");  
    } else if (strlen($i['seller']) < 2) {
        array_push($errors, "<strong>From</strong> box value too short"); 
    } else if (strlen($i['seller']) > 128) {
        array_push($errors, "<strong>From</strong> box value too long"); 
    }

    if (strpos($i['seller_image'], ".gif") >= 0) {
        if (animated_gif($i['seller_image'])) {
            array_push($errors, "<strong>Animated images</strong> are not allowed"); 
        }
    }

    if (empty($i['location'])) { 
        array_push($errors, "<strong>Location</strong> box is empty"); 
    } else if (strlen($i['location']) < 3) { 
        array_push($errors, "<strong>Location</strong> box value too short");
    } else if (strlen($i['location']) > 128) {
        array_push($errors, "<strong>Location</strong> box value too long");
    }

    if ( $i['online_seller'] == 'null') { 
        array_push($errors, "Client Error");
    }

    if (empty($i['latitude'])  || $i['latitude'] == 'null'  || 
        empty($i['longitude']) || $i['longitude'] == 'null' ||
        !is_numeric($i['latitude']) || !is_numeric($i['longitude'])) {
    
        array_push($errors, "<strong>Geolocation Error</strong> ");
    }
   
    if (count($errors) > 0)  {
        
        echo json_encode(array_slice($errors, 0, 5), true); 
        die();
    }
}

function post($i) {

    $s = find_or_create_seller($i);
    create_deal($i, $s);
    echo "[\"success\", \"".$_POST['item']."\"]"; die();


}

 
SESSION();

if (isset($_SESSION['userid']) || (@$_SESSION['verified'] == true)) {

    verify($input);
    post($input);

} else if (isset($_SESSION['captcha']) && @$_GET['captcha'] != 'new') {
    /*
     * user not logged in but the user has been challenged
     */ 
    if (trim(@$_GET['captcha']) == @$_SESSION['captcha']) {

        $_SESSION['verified'] = true;
        verify($input);
        post($input);

    } else {
        usleep(500000);
        generate_captcha();
        echo "[\"recaptcha\"]"; die();
    }

} else {
    /*
     * user not logged in and the user has not been challenged
     */
    verify($input);
    generate_captcha();
    echo "[\"captcha\"]"; die();
}


 
?>